Security Update - WPA-2 Vulnerability

Gregor Jeffery - Oct 18, 2017

Overnight, news was released of a security vulnerability affecting most wifi networks. The vulnerability has been named Krack and, when exploited, allows wifi traffic encrypted using WPA-2 keys to be accessed.

This vulnerability only occurs within a wifi network, so there are no updates Tesserent can provide at the firewall level to address this. To address this vulnerability you will need to apply firmware updates for your devices as they are made available. Microsoft released updates for Windows 10 in its October 10th update, so if Windows Update is enabled, those systems will already be protected. For other vendors, check their websites for updates.

Some key points on this vulnerability:

It is limited to wifi only, so an attack can only come from within wifi range

Changing your wifi password will not mitigate this risk; it is an issue with the random keys exchanged for each session

The attack is especially effective against Linux systems and Android devices, to the point that it is possible to insert fake websites and collect sensitive information. Again, this is only possible via wifi and within wifi range

The encryption used when accessing websites via https is not at risk. So even if the wifi encryption is compromised, the https encryption is still in use

Our recommendations are simple: apply the vendor updates as soon as possible and, until that occurs, treat your internal wifi as you would a café hotspot.